Options

Default: If this option is not specified, the rule is an ingress rule (applies
to traffic entering the group).

No

-P, --protocol protocol | protocol_number

IP protocol name or number.

Valid values: tcp
| udp | icmp-1/all

Note: You can specify arbitrary IANA-assigned protocol numbers as well as the special values "all" and "-1",
which refer to all network traffic, in VPC security groups. As a
convenience, if a protocol is specified by name euca-authorize
and euca-revoke will consult /etc/protocols to discover its
number.

No

-p port_range

Specifies the range of ports to allow for TCP and UDP. Not valid
for ICMP.

Valid values: Single integer or range (min-max). Use
-1 to specify all ports.

Conditional

-t, --icmp-type-code

ICMP type and code specified as "type:code".
Only works if you specify ICMP as the
protocol.

Conditional

-o, --source-group
source_group

(Non-VPC only) Group from which traffic is authorized by the rule. Every instance in
the security group is allowed to pass traffic.

No

-u, --source-group-user
source_group_user

ID of the security group user you name in the
-o parameter

No

-s, --source-subnet
source_subnet

Addresses to apply the rule to

Default:
0.0.0.0/0

No

Common Options

Option

Description

--show-empty-fields

Show empty fields as "(nil)".

--region user@region

Region and/or user name to search when looking up config file data. Only valid for EC2
endpoints.

-U,--url url

URL of the cloud service to connect to. For administrative commands, this should be <ip_address>:8773/services/Empyrean.

-I,--access-key-id key_id

User's access key ID.

-S,--secret-key secret_key

User's secret key.

--security-token token

User's security token.

--debug

Prints what the command sends to the server
and what it receives from the server. Use when
you're trying to debug Euca2ools.